Google, Mozilla team up to block Kazakhstan’s browser spying tactics

Google and Mozilla have taken the rare step of blocking an untrusted certificate issued by the Kazakhstan government, which critics say it forced its citizens to install as part of an effort to monitor their internet traffic.

The two browser makers said in a joint statement Wednesday it deployed “technical solutions” to block the government-issued certificate.

Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.

Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.

Although the Kazakh government is said to have stopped what it called “system testing” and allowed citizens to delete the certificate, both Google and Mozilla said its measures would stop the data-intercepting certificate from working — even if it’s still installed.

“We don’t take actions like this lightly,” said Marshall Erwin, Mozilla’s senior director of trust and security. But Google browser chief Parisa Tabriz said the company would “never tolerate any attempt, by any organization — government or otherwise — to compromise Chrome users’ data.”

The block went into effect invisibly and no action is needed by users.

Kazakhstan has a population of 18 million. Researchers said that the Kazakh government’s efforts to intercept the country’s internet traffic only hit a “fraction” of the connections passing through the country’s largest internet provider.

The Central-Asian country currently ranks as one of the least free countries on the internet freedom score, based off data collected by watchdog Freedom House, trailing just behind Russia and Iran.

A spokesperson for the Kazakhstan consulate in New York did not respond to a request for comment.

Join The New Stack for Pancake & Podcast with Q&A at TC Sessions: Enterprise

Popular enterprise news and research site, The New Stack, is coming to TechCrunch Sessions: Enterprise on September 5 for a special Pancake & Podcast session with live Q&A  featuring, you guessed it, delicious pancakes and awesome panelists!

Here’s the “short stack” of what’s going to happen:

  • Pancake buffet opens at 7:45 am on Thursday, Sept. 5 at TC Sessions: Enterprise
  • At 8:15 am the panel discussion/podcast kicks off, the topic, “The People and Technology You Need to Build a Modern Enterprise
  • After the discussion, the moderators will host a live audience Q&A session with the panelists
  • Once the Q&A is done, attendees will get the chance to win some amazing raffle prizes

You can only take part in this fun pancake-breakfast podcast if you register for a ticket to  TC Sessions: Enterprise. Use the code TNS30 to get 30% off the conference registration price!

Here’s the longer-versions of what’s going to happen:

At 8:15 a.m., The New Stack founder and Publisher Alex Williams takes the stage as the moderator and host of the panel discussion. Our topic for TC Sessions: Enterprise is The People and Technology You Need to Build a Modern Enterprise. We’ll start with intros of our panelists and then dive into the topic with Sid Sijbrandij, founder and CEO at GitLab, and Frederic Lardinois, enterprise reporter and editor at TechCrunch, as our initial panelists. More panelists to come!

Then it’s time for questions. Questions we could see getting asked (hint, hint): Who’s on your team? What makes a great technical team for the enterprise startup? What are the observations a journalist has about how the enterprise is changing? What about when the time comes for AI? Who will I need on my team?

And just before 9 a.m., we’ll pick a ticket out of the hat and announce our raffle winner. It’s the perfect way to start the day.

On a side note, the pancake breakfast discussion will be published as a podcast on The New Stack Analysts

But there’s only one way to get a prize and network with fellow attendees, and that’s by registering for TC Sessions: Enterprise and joining us for a short stack with The New Stack. Tickets are now $349, but you can save 30% with code TNS30.

Twitter blocks state-controlled media outlets from advertising on its social network

Twitter is now blocking state-run media outlets from advertising on its platform.

The new policy was announced just hours after the company identified an information operation involving hundreds of accounts linked to China as part of an effort to “sow political discord” around events in Hong Kong after weeks of protests in the region. Over the weekend over 1 million Hong Kong residents took to the streets to protest what they see as an encroachment by the mainland Chinese government over their rights.

State-funded media enterprises that do not rely on taxpayer dollars for their financing and don’t operate independently of the governments that finance them will no longer be allowed to advertise on the platform, Twitter said in a statement. That leaves a big exception for outlets like the Associated Press, the British Broadcasting Corp., Public Broadcasting Service, and National Public Radio, according to reporting from BBC reporter, Dave Lee.

 

The affected accounts will be able to use Twitter, but can’t access the company’s advertising products, Twitter said in a statement.

“We believe that there is a difference between engaging in conversation with accounts you choose to follow and the content you see from advertisers in your Twitter experience which may be from accounts you’re not currently following. We have policies for both but we have higher standards for our advertisers,” Twitter said in its statement.

The policy applies to news media outlets that are financially or editorially controlled by the state, Twitter said. The company said it will make its policy determinations on the basis of media freedom and independence including editorial control over articles and video, the financial ownership of the publication, the influence or interference governments may exert over editors, broadcasters and journalists, and political pressure or control over the production and distribution process.

Twitter said the advertising rules wouldn’t apply to entities that are focused on entertainment, sports, or travel, but if there’s news in the mix, the company will block advertising access.

Affected outlets have 30 days before they’re removed from Twitter and the company is halting all existing campaigns.

State media has long been a source of disinformation and was cited as part of the Russian campaign to influence the 2016 election. Indeed, Twitter has booted state-financed news organizations before. In October 2017, the company banned Russia Today and Sputnik from advertising on its platform (although a representative from RT claimed that Twitter encouraged it to advertise ahead of the election).

 

Twitter says accounts linked to China tried to ‘sow political discord’ in Hong Kong

Twitter says a significant state-backed information operation involving hundreds of accounts linked to China were part of an effort to deliberately “sow political discord” in Hong Kong after weeks of protests in the region.

In a blog post, the social networking site said the 936 accounts it found tried to undermine “the legitimacy and political positions of the protest movement on the ground.”

More than a million protesters took to the streets this weekend to demonstrate peacefully against the Chinese government, which took over rule from the British government in 1997. Protests erupted months ago following a bid by Hong Kong leader Carrie Lam to push through a highly controversial bill that would allow criminal suspects to be extradited to mainland China for trial. The bill was suspended, effectively killing it from reaching the law books, but protests have continued, pushing back at claims that China is trying to meddle in Hong Kong’s affairs.

Although Twitter is banned in China, the social media giant says the latest onslaught of fake accounts is likely “a coordinated state-backed operation.

“Specifically, we identified large clusters of accounts behaving in a coordinated manner to amplify messages related to the Hong Kong protests,” the statement said.

china tweets

Two of the tweets supplied by Twitter.

Twitter said many of the accounts are using virtual private networks — or VPNs — which can be used to tunnel through China’s vast domestic censorship system, known as the Great Firewall. The company added that the accounts its sharing represent the “most active” portions of a wider spam campaign of about 200,000 accounts.

“Covert, manipulative behaviors have no place on our service — they violate the fundamental principles on which our company is built,” said Twitter.

News of the fake accounts come days after Twitter user @Pinboard warned that China was using Twitter to send and promote tweets aimed at discrediting the protest movement.

Facebook said in its own post it also took down five Facebook accounts, seven pages and three groups on its site “based on a tip shared by Twitter.” The accounts frequently posted about local political news and issues including topics like the ongoing protests in Hong Kong, said Nathaniel Gleicher, Facebook’s head of cybersecurity policy.

“Although the people behind this activity attempted to conceal their identities, our investigation found links to individuals associated with the Chinese government,” said Gleicher.

Some of the posts, Facebook said, referred Hong Kong residents are “cockroaches.”

Twitter said it’s adding the complete set the accounts’ tweets to its archive of information operations.

Ally raises $8M Series A for its OKR solution

OKRs, or Objectives and Key Results, are a popular planning method in Silicon Valley. Like most of those methods that make you fill in some form once every quarter, I’m pretty sure employees find them rather annoying and a waste of their time. Ally wants to change that and make the process more useful. The company today announced that it has raised an $8 million Series A round led by Accel Partners, with participation from Vulcan Capital, Founders Co-op and Lee Fixel. The company, which launched in 2018, previously raised a $3 million seed round.

Ally founder and CEO Vetri Vellore tells me that he learned his management lessons and the value of OKR at his last startup, Chronus. After years of managing large teams at enterprises like Microsoft, he found himself challenged to manage a small team at a startup. “I went and looked for new models of running a business execution. And OKRs were one of those things I stumbled upon. And it worked phenomenally well for us,” Vellore said. That’s where the idea of Ally was born, which Vellore pursued after selling his last startup.

Most companies that adopt this methodology, though, tend to work with spreadsheets and Google Docs. Over time, that simply doesn’t work, especially as companies get larger. Ally, then, is meant to replace these other tools. The service is currently in use at “hundreds” of companies in more than 70 countries, Vellore tells me.

One of its early adopters was Remitly . “We began by using shared documents to align around OKRs at Remitly. When it came time to roll out OKRs to everyone in the company, Ally was by far the best tool we evaluated. OKRs deployed using Ally have helped our teams align around the right goals and have ultimately driven growth,” said Josh Hug, COO of Remitly.

Desktop Team OKRs Screenshot

Vellore tells me that he has seen teams go from annual or bi-annual OKRs to more frequently updated goals, too, which is something that’s easier to do when you have a more accessible tool for it. Nobody wants to use yet another tool, though, so Ally features deep integrations into Slack, with other integrations in the works (something Ally will use this new funding for).

Since adopting OKRs isn’t always easy for companies that previously used other methodologies (or nothing at all), Ally also offers training and consulting services with online and on-site coaching.

Pricing for Ally starts at $7 per month per user for a basic plan, but the company also offers a flat $29 per month plan for teams with up to 10 users, as well as an enterprise plan, which includes some more advanced features and single sign-on integrations.

Shell’s first electric vehicle fast charger lands in Singapore

Royal Dutch Shell, the energy giant known for its fossil fuel production and hundreds of Shell gas stations, is creeping into the electric vehicle-power business.

The company’s first DC fast charger launched Monday at a Shell gas station in Singapore. Greenlots, an EV charging startup acquired by Shell in January, installed the charger. This is the first of 10 DC fast chargers that Greenlots plans to bring to Shell service stations in Singapore over the next several months.

The decision to target Singapore is part of Greenlots’ broader strategy to provide EV charging solutions across all applications throughout Asia and North America, the company said. Both Shell and Greenlots have a presence in Singapore. Greenlots, which based in Los Angeles, was founded in Singapore; and Shell is one of Singapore’s largest foreign investors.

Singapore has been promoting the use of electric vehicles, particularly for car-sharing and ride-hailing platforms. The island city-state has been building up its EV infrastructure to meet anticipated demand as ride-hailing drivers and commercial fleets switch to electric vehicles.

Greenlots was backed by Energy Impact Partners, a cleantech investment firm, before it was acquired by Shell. The company, which combines its management software with the EV charging hardware, has landed some significant customers in recent years, notably Volkswagen. Greenlots is the sole software provider to Electrify America, the the entity set up by Volkswagen as part of its settlement with U.S. regulators over its diesel emissions cheating scandal.

Week in Review: Snapchat beats a dead horse

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how Netflix might have some rough times ahead as Disney barrels towards it.


3d video spectacles 3

The big story

There is plenty to be said about the potential of smart glasses. I write about them at length for TechCrunch and I’ve talked to a lot of founders doing cool stuff. That being said, I don’t have any idea what Snap is doing with the introduction of a third-generation of its Spectacles video sunglasses.

The first-gen were a marketing smash hit, their sales proved to be a major failure for the company which bet big and seemingly walked away with a landfill’s worth of the glasses.

Snap’s latest version of Spectacles were announced in Vogue this week, they are much more expensive at $380 and their main feature is that they have two cameras which capture images in light depth which can lead to these cute little 3D boomerangs. One one hand, it’s nice to see the company showing perseverance with a tough market, on the other it’s kind of funny to see them push the same rock up the hill again.

Snap is having an awesome 2019 after a laughably bad 2018, the stock has recovered from record lows and is trading in its IPO price wheelhouse. It seems like they’re ripe for something new and exciting, not beautiful yet iterative.

The $150 Spectacles 2 are still for sale, though they seem quite a bit dated-looking at this point. Spectacles 3 seem to be geared entirely towards women, and I’m sure they made that call after seeing the active users of previous generations, but given the write-down they took on the first-generation, something tells me that Snap’s continued experimentation here is borne out of some stubbornness form Spiegel and the higher-ups who want the Snap brand to live in a high fashion world and want to be at the forefront of an AR industry that seems to have already moved onto different things.

Send me feedback
on Twitter @lucasmtny or email
[email protected]

On to the rest of the week’s news.

tumblr phone sold

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • WordPress buys Tumblr for chump change
    Tumblr, a game-changing blogging network that shifted online habits and exited for $1.1 billion just changed hands after Verizon (which owns TechCrunch) unloaded the property for a reported $3 million. Read more about this nightmarish deal here.
  • Trump gives American hardware a holiday season pass on tariffs 
    The ongoing trade war with China generally seems to be rough news for American companies deeply intertwined with the manufacturing centers there, but Trump is giving U.S. companies a Christmas reprieve from the tariffs, allowing certain types of hardware to be exempt from the recent rate increases through December. Read more here.
  • Facebook loses one last acquisition co-founder
    This week, the final remnant of Facebook’s major acquisitions left the company. Oculus co-founder Nate Mitchell announced he was leaving. Now, Instagram, WhatsApp and Oculus are all helmed by Facebook leadership and not a single co-founder from the three companies remains onboard. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook’s turn in audio transcription debacle:
    [Facebook transcribed users’ audio messages without permission]
  2. Google’s hate speech detection algorithms get critiqued:
    [Racial bias observed in hate speech detection algorithm from Google]
  3. Amazon has a little email mishap:
    [Amazon customers say they received emails for other people’s orders]

Adam Neumann (WeWork) at TechCrunch Disrupt NY 2017

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleague Danny Crichton wrote about the “tech” conundrum that is WeWork and the questions that are still unanswered after the company filed documents this week to go public.

WeWork’s S-1 misses these three key points

…How is margin changing at its older locations? How is margin changing as it opens up in places like India, with very different costs and revenues? How do those margins change over time as a property matures? WeWork spills serious amounts of ink saying that these numbers do get better … without seemingly being willing to actually offer up the numbers themselves…

Here are some of our other top reads this week for premium subscribers. This week, we published a major deep dive into the world’s next music unicorn and we dug deep into marketplace startups.

Sign up for more newsletters in your inbox (including this one) here.

8 million Android users tricked into downloading 85 adware apps from Google Play

Dozens of Android adware apps disguised as photo editing apps and games have been caught serving ads that would take over users’ screens as part of a fraudulent money-making scheme.

Security firm Trend Micro said it found 85 individual apps downloaded more than eight million times from the Google Play — all of which have since been removed from the app store.

More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.

“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”

The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the ‘uninstall’ section of the screen.

“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”

When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.

Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.

Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle — all of which had a million downloads each.

Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.

Google does not typically comment on app removals beyond acknowledging their removal from Google Play.

Read more:

Media software Plex launches a new desktop app for Mac and Windows

Plex today is launching a new desktop application for Mac and Windows, with the goal of eventually replacing Plex Media Player as the company’s only desktop solution. The app’s arrival also signals a change in direction for the company, which will also now remove its existing Windows Store application and end support for the traditional home theater PC setup — the latter which involves a desktop computer connected to a TV or home theater.

The company explains this decision was made after examining how people were using Plex today, and found that most would have an equal or even better experience with a streaming device and its new players.

“It marks the end of an era for us, and we’d be lying if we said it wasn’t a little bittersweet,” the company wrote in a blog post about the change.

plex desktop tidal recommended 1024x661

Home theater PC-style configurations are today a bit of a holdover from an earlier era where there were fewer resources to stream personal media from your PC to your TV. Today, however, Plex’s apps for streaming devices are fairly capable, and a heck of a lot simpler to set up and use by mainstream consumers.

The company also noted that the new Apple TV and Android players support nearly all the same formats and that Plex’s app for streaming devices has come a long way in recent years.

plex desktop tidal artist 1024x660

“Modern streaming devices don’t need as much care and feeding as desktop computers. They don’t need to sleep (much), they use a tiny amount of electricity…and they don’t require nearly as much effort to get up and running. They have remotes that work wonderfully out of the box (no more fiddly custom key mappings!) In short, they’re designed for the environment in which you’re using them, and it shows,” the company explained, in hopes of fending off any backlash.

Meanwhile, the new Plex desktop app includes all the capabilities of Plex Media Player along with support for offline access. Previously called “Sync,” this feature has been renamed to “Downloads,” and lets you take your media with you. Similar support for offline media will come to Plex’s mobile apps, too, at a later date, the company said.

To use the Downloads feature, you’ll need a Plex Pass subscription. But otherwise, the new desktop app is free.

Though the desktop app is meant to replace Plex Media Player, the company says it will continue to update the software until January 2020, to allow time for everyone to make the transition.

Plex’s overall business has been changing, in recent years, to become more than just a home media organizer. Today, Plex is a DIY streaming solution that allows users to watch not just their own media across platforms, but also stream podcastsnews, web series, music from TIDAL, as well as capture and record live TV from a digital antenna.

This change has led to other closures, including Plex’s decision last year to Plugins, Cloud Sync and its “Watch Later” bookmarking feature, in addition to the technically challenging Plex Cloud.

It’s unclear how successful Plex’s changes have been as the company doesn’t disclose its number of paying subscribers. However, last year, Plex said it has 15 million registered users — meaning both free and paid. In January 2019, it upped that number to 20 million and noted it had “millions” of people using Plex on a monthly basis.

Elon Musk: Spotify is “coming” to Tesla vehicles in North America

Tesla owners in the U.S. and Canada may finally get that free Spotify Premium integration they’ve been asking for.

Tesla CEO Elon Musk tweeted late Wednesday night that Spotify premium integration is “coming.” Musk, who has talked about bringing Spotify to owners in North America before, did not provide a timeline. In other words, the music streaming service could be integrated next week or a six months from now.

But still, it’s a moment of celebration for many Tesla owners who have complained about Slacker Radio, the streaming music service integrated into all vehicles in the U.S. and Canada. Owners in Europe, Australia and Hong Kong have had Spotify Premium in their vehicles since late 2015.

Slacker Radio, which launched in 2007, has customizable radio stations based on the listener’s personal music tastes. The free and subscription-based service also tried to differentiate itself from the likes of Spotify and Pandora by using DJs to curate programs and at one time, even sold a portable music player. Despite its efforts, Slacker has been overshadowed by Spotify, which had 232 million monthly active users and 108 million paying subscribers at the end of June 2019.

Slacker was acquired in 2017 for $50 million in cash and stock by the LiveXLive, an entertainment and streaming service that focused on live music performances.

Last year, LiveXLive announced a partnership with Dash Radio, a digital radio broadcasting platform with more than 80 original live stations. Under the deal, Dash channels will be available across Slacker Radio a move meant to bring more live radio on the streaming service.